Mercurial Repository: p/roundup/code: roundup/cgi/templating.py comparison

comparison roundup/cgi/templating.py @ 5211:f4b6a2a3e605

Fix expiration dates and expire csrf tokens properly In client.py: add explicit expiration of csrf tokens to handle_csrf. There is a clean_up() that runs on every client connection before handle)csrf is invoked, but it only cleans every hour. With short lived tokens this is insufficient. Also remove debugging. In templating.py fix values for seconds/week and minutes per week. The original values were shifted/transposed and an order of magnitude off. In test_templating.py again fix seconds/week constant.

author	John Rouillard <rouilj@ieee.org>
date	Sun, 19 Mar 2017 17:10:13 -0400
parents	47bd81998ddc
children	17b213eab274

comparison

equal deleted inserted replaced

-:7da56980754d
+:f4b6a2a3e605
 # offset to time.time is calculated as:
 #  default lifetime is 1 week after __timestamp.
 # That's the cleanup period hardcoded in otk.clean().
 # If a user wants a 10 minute lifetime calculate
 # 10 minutes newer than 1 week ago.
-#   lifetime - 10800 (number of minutes in a week)
+#   lifetime - 10080 (number of minutes in a week)
 # convert to seconds and add (possible negative number)
-# from time.time().
+# to current time (time.time()).
+ts = time.time() + ((lifetime - 10080) * 60)
 otks.set(key, uid=client.db.getuid(),
 sid=client.session_api._sid,
-__timestamp=time.time() + ((lifetime - 10800) * 60) )
+__timestamp=ts )
 client.db.commit()
 return key
 ### templating

Mercurial > p > roundup > code

comparison roundup/cgi/templating.py @ 5211:f4b6a2a3e605